package com.varz.sso.client.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    /**
     * security的鉴权排除的url列表
     */
    private static final String[] EXCLUDED_AUTH_PAGES = {
            "/actuator/**", "/oauth/**", "/css/**", "/js/**", "/images/**", "/webjars/**",
            "**/favicon.ico", "/index", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js"
    };

    /**
     * 配置资源服务器,限制路径
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers(EXCLUDED_AUTH_PAGES)
                .permitAll()
                .anyRequest()
                .authenticated();

    }

}
